Drupalcommerce: Security Vulnerabilities
The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, related to a "response from commweb."
CVSS Score
5.0
EPSS Score
0.002
Published
2015-09-17